CVE-2021-1128 – Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1128
A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain sensitive information within the configuration that otherwise might not have been accessible beyond the privileges of the invoking user. Una vulnerabilidad en el analizador de la CLI del Software Cisco IOS XR, podría permitir a un atacante autenticado local visualizar más información de la que sus privilegios permiten. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-infodisc-4mtm9Gyt • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVE-2021-1136 – Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Image Verification Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1136
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los Enrutadores Cisco Network Convergence System (NCS) 540 Series, solo cuando ejecutan imágenes de software de NCS540L de Cisco IOS XR y el Software Cisco IOS XR para los Enrutadores Cisco 8000 Series podrían permitir a un atacante autenticado local ejecutar código sin firmar durante el proceso de arranque en un dispositivo afectado. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxr-l-zNhcGCBt • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2021-1243 – Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1243
A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq • CWE-284: Improper Access Control •
CVE-2021-1244 – Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Image Verification Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1244
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los Enrutadores Cisco Network Convergence System (NCS) 540 Series, solo cuando ejecutan imágenes de Software de NCS540L de Cisco IOS XR, y el Software Cisco IOS XR para los Enrutadores Cisco 8000 Series, podrían permitir a un atacante autenticado local ejecutar código sin firmar durante el proceso de arranque en un dispositivo afectado. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxr-l-zNhcGCBt • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2021-1268 – Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1268
A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K • CWE-1076: Insufficient Adherence to Expected Conventions •